|
to mbruno
Re: [HELP] help with new router config Cisco 1921
I'm looking back over your configs again... The obvious is buried in there... |
|
|
DocLarge |
to mbruno
By the way, is your computer set to static or dhcp? |
|
mbruno join:2003-07-03 Salisbury, MD |
mbruno
Member
2010-Sep-5 8:25 pm
ok I have finally figured it out!!!!!
I was freaking missing the statement of ip nat inside on gig0/1
I popped that in and BAM! it works. sweet Jesus that took a long time. |
|
|
DocLarge
Premium Member
2010-Sep-5 9:48 pm
*heh* Just goes to show you how we start taking day-to-day configuration for granted
Congrats...
Jay |
|
|
to mbruno
// slaps forehead
Missed the ip nat inside comment as well initially... it's always the little things
As to the suggestion of the /29 mask, that was based on your own config of the local DHCP pool as a /29 -- hey, who am I to argue how someone configures their own internal network
mbruno... Just out of curiosity, did you do a straight transplant of your old 871 config onto the 1921? If so, the 1921 dropped the Vlan1 config as the 871 has an inbuilt L2 switch, while the 19xxs only have the two gig L3 interfaces and have no concept of VLANs, unless you add an HWIC switch, but that's a whole different discussion entirely.
Let us know if you're willing to share pics of the innards and a performance test of the 1921 with us. I for one am most interested
Regards |
|
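Added example, not part of the thread and not any poster's code: a small Python check for the fault found above, where NAT rules are configured but no interface carries `ip nat inside`. The sample config, its interface names and its addresses are constructed assumptions in the shape of a two-port 1921.

```python
import re

# Constructed sample: a two-interface config in the shape of the 1921 setup
# discussed above, with "ip nat inside" missing on the LAN interface.
# Interface names and addresses are assumptions, not the poster's config.
BROKEN = """\
interface GigabitEthernet0/0
 description WAN
 ip address dhcp
 ip nat outside
!
interface GigabitEthernet0/1
 description LAN
 ip address 192.168.10.1 255.255.255.0
!
ip nat inside source list 2 interface GigabitEthernet0/0 overload
access-list 2 permit 192.168.10.0 0.0.0.255
"""
FIXED = BROKEN.replace(" description LAN\n", " description LAN\n ip nat inside\n")


def parse_nat(config):
    """Return ({interface: NAT roles}, [egress interface or None per NAT rule])."""
    roles, rules, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            roles[current] = set()
        elif line[:1] != " ":
            current = None  # back at global configuration level
            if line.startswith("ip nat inside source "):
                m = re.search(r" interface (\S+)", line)
                rules.append(m.group(1) if m else None)
        elif current:
            m = re.fullmatch(r"ip nat (inside|outside)", line.strip())
            if m:
                roles[current].add(m.group(1))
    return roles, rules


def audit_nat(config):
    """List reasons the NAT rules in this config cannot translate traffic."""
    roles, rules = parse_nat(config)
    if not rules:
        return []
    findings = []
    if not any("inside" in r for r in roles.values()):
        findings.append("NAT rules exist but no interface has 'ip nat inside'")
    if not any("outside" in r for r in roles.values()):
        findings.append("NAT rules exist but no interface has 'ip nat outside'")
    for name in sorted({r for r in rules if r}):
        if name not in roles:
            findings.append(f"NAT rule references unknown interface {name}")
        elif "outside" not in roles[name]:
            findings.append(f"{name} is used by a NAT rule but lacks 'ip nat outside'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_nat(cfg) or "NAT roles consistent")
```

Run against a saved `show running-config`, it catches the case where a config pasted from an 871 leaves the `ip nat inside` that lived on a Vlan interface with nowhere to land.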
mbruno join:2003-07-03 Salisbury, MD |
mbruno
Member
2010-Sep-6 10:29 am
said by HELLFIRE:
// slaps forehead Missed the ip nat inside comment as well initially... it's always the little things As to the suggestion of the /29 mask, that was based on your own config of the local DHCP pool as a /29 -- hey, who am I to argue how someone configures their own internal network mbruno... Just out of curiosity, did you do a straight transplant of your old 871 config onto the 1921? If so, the 1921 dropped the Vlan1 config as the 871 has an inbuilt L2 switch, while the 19xxs only have the two gig L3 interfaces and have no concept of VLANs, unless you add an HWIC switch, but that's a whole different discussion entirely. Let us know if you're willing to share pics of the innards and a performance test of the 1921 with us. I for one am most interested Regards
Sure, give me some time to lock my configuration down. Also, I did more of a copy and paste of certain command statements and did not know the Vlan would not work until I tried it in the troubleshooting process. It never dawned on me that the 871 had an L2 switch built in to it, which is why the Vlan command would work on it. I guess you learn something new every day even if it does take freaking forever when learning it on your own through trial and error. Also, let me thank all the people who helped in the process. |
|
|
to mbruno
Don't mention it Jay |
|
to mbruno
I'm planning on getting the cisco 1921. I do have the 871 but my network demands more. How is the performance and the bandwidth of your new router?
I got one Team Fortress 2 Dedicated server with 24 player slots, a Team Speak 3 and FTP server. I got Cox cable and my max speeds are 32/5. Now when I do a speed test my 871 router cpu usage goes to 75%. I only have one access list, no firewall rules enabled. I got about 10 nat translations.
I'm moving where I can get FIOS, then I want to add more dedicated game servers which my 871 won't handle.
OP what is your up/down speeds and CPU usage when running speedtest? |
|
mbruno join:2003-07-03 Salisbury, MD |
mbruno
Member
2010-Oct-30 2:36 pm
I really don't know about the CPU cycle because I have never had a problem with it so I never had to check. I do a lot of online streaming content at home while other family members watch videos and play online games. There should not be an issue for you, I have Comcast and have never seen a bottleneck on my end at all. Right now I have a 6MB connection down which is what I pay for since FIOS is not available in my area. I can tell you that when speed boost kicks in, I have received up to 25MB with no problem whatsoever.
One thing to keep in mind is that this router is set up differently than the 871 you had. I know this because I used to have an 871 and for the longest time it stumped me on the config, until I realized it and other people in this forum helped me out with the config. The one thing I didn't realize is the 871 has somewhat of a switch built in to it so it is configured differently. I hope this helps you. I almost forgot to tell you this is a gig connection to my cable modem and not a 10/100 connection. |
|
|
to mbruno
@yurimaster
I can only speculate where and how you're getting your hands on a 1921 router
Off the top of my head, Cisco claims the 1941 is rated for ~150Mbps with 64byte packets and no services. Assuming the same CPU as the 1941 and factoring in a 50% marketing fudge factor, it's safe to say the 1921'll handle just about whatever you throw at it.
How fast a FiOS are you planning? What's the current config of your 871 and do you plan to use that on the 1921 as is?
Regards |
|
bigsy join:2001-07-18 ireland |
to yurimaster
said by yurimaster:I'm planning on getting the cisco 1921. I do have the 871 but my network demands more. How is the performance and the bandwidth of your new router?
Not even getting into bandwidth/performance comparisons, make sure you get the correct licences you require for your 1921. I have replaced an 877 (Advanced IP Services) at one site with a 1921. The 1921 needed to be fully loaded with ipbase + security + data licences to emulate the features I needed that Advanced IP Services on the 870 series offered. Gets pricey. |
|
|
to mbruno
Ballpark figure, how much did it cost you bigsy?
Regards |
|
|
to mbruno
I got Cox cable and on my cisco 871 I get 32 down and 6 up on speedtest.net. This is with no firewall of any kind like IPS or ip inspect. I only have one access rule. I just use it as a router since I already have good firewalls configured on each computer and switch. |
|
bigsy join:2001-07-18 ireland |
to HELLFIRE
said by HELLFIRE:Ballpark figure, how much did it cost you bigsy?
CISCO1921-SEC/K9 ~£650 (~$1000) + VAT
Data licence (L-SL-19-DATA-K9=) ~£230 (~$360) + VAT
Nothing else comes in the box. Cables and rackmount brackets are all extra |
|
|
to mbruno
@yurimaster Pretty respectable numbers considering Cisco officially rated the 871 for ~12Mbps with no services. In truth, stuff like IPS for sure will kill your CPU and thruput on any current-gen equipment.
I second bigsy's comment of watching out about your licencing... BASE should work as a dropin replacement of your 871, but if you're getting such a modern piece of kit, may as well go all out and get the SEC licence as well.
Just my 00000010 bits. Let us know how you make out
Regards |
|
|
I don't really understand about the license. I bought my cisco 871 New from ebay and it came with the IOS 12.3. It has all the features including the built-in IPS which really slows my net down, that's why I don't use it.
All I need is a router with fast CEF switching that can handle thousands of concurrent connections at the same time. I need an explanation of what the license is for and what it does. It is a tough choice in the first place to get this router because it will cost me around $900, and what license? It should just have everything and work right out of the box. I should be able to configure my router from the CLI the way I want and set up my network and be ready to go |
|
bigsy join:2001-07-18 ireland |
bigsy
Member
2010-Oct-31 12:08 pm
In the 870 series, the IOS features available to you were controlled by whether you installed the Advanced IP Services or Advanced Security IOS images.
The 1921, along with the newer ISRs, has a single 'universal' IOS installed. Access to various IOS features is controlled by the license(s) installed on the router. You may or may not have access to certain more 'advanced' features of the router depending on your license. For example, on the 1921, if you want to use IPS you need to have both the security license installed and an active paid for subscription to IPS updates. This is a big difference from the 870 series.
The Cisco Feature Navigator (tools.cisco.com/ITDIT/CFN/) lets you compare different feature sets if you want to research whether a particular command is available with your license.
The 'basic' 1921 comes with the IP Base license. Additional licenses (security and/or data) can always be added on later - it is easy to do. In addition, there is also a facility to enable temporary licenses for security and data; I think these last for 8 weeks but can't remember for certain. |
|
to mbruno
Now I understand about the licenses which is a rip off since you already pay premium price. I want someone to recommend me a router for the following setup.
This is what I will get when I move to my new place early next year. Internet speed and ISP: Verizon Fiber optics 35/35 business with static IP
Servers: One server machine with 5 game servers, each server will have 32 player slots so that's a total of 160 players when full. Then I will have a Team Speak 3 running and will have anywhere from 5-20 people in it. It will also be running a virtual OS in Hyper V just for torrents only.
One gaming rig
One AP for two wireless laptops.
Are there any good routers besides cisco that will be able to handle my network demands? Cisco is way too expensive if you want decent CEF switching throughput. Not to mention maybe in the near future verizon might have new faster speeds (50/50?) for their fios service.
I heard about pfSense but not sure about its performance and features vs cisco IOS. |
|
sk1939 Premium Member join:2010-10-23 Frederick, MD |
sk1939
Premium Member
2010-Oct-31 12:59 pm
On a budget, pfSense is a decent firewall solution...and you could always go with a software router like Vyatta if you have the time and patience to go that route. |
|
to mbruno
said by yurimaster:Now I understand about the licenses which is a rip off since you already pay premium price.
Hate to say it, but this is not a new thing in the software world. How long have Home / Pro / Enterprise / Ultimate / et al versions of one piece of software been around for... not to name names?
What version of IOS did you have on the 871?
My personal 'safe harbor' for Cisco gear at your proposed speeds has always been the 180x / 181x / 37xx-series, and you don't have to play Cisco's 15.0 licencing games on the previous gen ISRs.
If you still go for the 1921, get the BASE+SEC, which should be a good starter. You also will want to familiarize yourself with the various features of each 'licence' before you plunk down any cash. Feature Navigator as pointed out by bigsy should be a good start to make sure you get what you wanted.
Juniper and SonicWall offer pretty decent all-in-one wired/wireless units similar to Cisco's 800-series. Check pricing on the SSG or TZ series respectively. You can also check the router charts at smallnetbuilder.net for low(er) end gear for your needs; I'm personally pretty impressed with the Netgear WNDR3700 performance numbers.
Regards |
|
said by yurimaster:What version of IOS did you have on the 871? I currently have 12.4 |
|
yurimaster |
to mbruno
I have 22 players in my TF2 server atm, this weekend has been very busy with players and it is full all the time due to the TF2 Halloween special event. Now I ran speedtest and I got around 30mb down while the server is running with 22 players. I did show processes cpu in the router and I saw my cpu usage at 90%.
Here is my running config
Metaverse#sh run
Building configuration...
Current configuration : 8501 bytes
!
! Last configuration change at 00:49:33 edt Fri Oct 29 2010
! NVRAM config last updated at 09:59:10 edt Wed Oct 27 2010
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Metaverse
!
boot-start-marker
boot-end-marker
!
logging buffered 50000 debugging
logging console critical
!
aaa new-model
!
!
aaa authentication login default line
aaa authorization console
!
aaa session-id common
!
resource policy
!
clock timezone est -5
clock summer-time edt recurring
no ip source-route
ip icmp rate-limit unreachable 100
ip icmp rate-limit unreachable DF 1
ip cef
!
!
!
!
ip vrf forwarding
!
no ip bootp server
ip ssh time-out 30
ip ssh authentication-retries 4
ip ssh logging events
ip inspect log drop-pkt
ip inspect udp idle-time 10
login block-for 260 attempts 4 within 460
login on-failure log
login on-success log
!
!
crypto pki trustpoint TP-self-signed-1369235425
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1369235425
 revocation-check none
 rsakeypair TP-self-signed-1369235425
!
!
crypto pki certificate chain TP-self-signed-1369235425
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31333639 32333534 3235301E 170D3037 30323137 31383334
  30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33363932
  33353432 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100DAB5 ABB94C16 F76B2164 D3010313 315D23F8 A5161F84 1C38B804 AB7102AF
  9AFF3C2C 2F7637E6 3B4441A9 65F9FA7A 52B09BFB 26D5B403 1AA3FB49 B8692ADA
  11BF528F 73DB4EED 13F9C205 784F78BD FB766B7E 916B01E1 66472688 158015D1
  B99F419D 27587C99 18E21207 72E5B6B6 050A1AA7 9994493F 02A7276F 60A744A0
  0E510203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 174D6574 61766572 73652E64 632E6463 2E636F78 2E6E6574
  301F0603 551D2304 18301680 14124A2E D987FED6 42102CC9 B1CD0849 D5B3E376
  25301D06 03551D0E 04160414 124A2ED9 87FED642 102CC9B1 CD0849D5 B3E37625
  300D0609 2A864886 F70D0101 04050003 81810005 E75FC258 A9C57F8B 230F148F
  769BA471 9EA3E1CC 8FAB0181 50E07C4F B7C13B31 C9A860FE 9B2BD62D 49D28694
  6C67FBB2 43BA1A22 FCBF597F 9AE40A0F 927AFB33 7793EDCF 78E13A83 02F6BA3C
  5DBB87EC 8AC61B8F 9F83DACE 6021AC0A 61AA8A52 E271B48B F82E0F67 B9C26282
  EF71BCFB 9FA4D40C C3F0F325 B0D239BE 38E056
  quit
username yurimaster
!
!
class-map match-any AutoQoS-Stream-Video-Vl3
 match protocol rtsp
 match protocol cuseeme
class-map match-any AutoQoS-Management-Vl3
 match protocol dns
 match protocol syslog
 match protocol socks
 match protocol ldap
 match protocol kerberos
 match protocol secure-imap
 match protocol snmp
 match protocol imap
 match protocol dhcp
!
!
policy-map AutoQoS-Policy-Vl3
 class AutoQoS-Stream-Video-Vl3
  bandwidth remaining percent 1
  set dscp cs4
 class AutoQoS-Management-Vl3
  bandwidth remaining percent 1
  set dscp cs2
 class class-default
  fair-queue
!
!
!
!
!
!
interface FastEthernet0
 description via gigabit LAN switch
 switchport access vlan 3
 no cdp enable
!
interface FastEthernet1
 description WAP port
 switchport access vlan 3
 no cdp enable
!
interface FastEthernet2
 shutdown
 no cdp enable
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 description WAN connection
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 load-interval 30
 duplex auto
 speed 100
 no cdp enable
!
interface Vlan1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
!
interface Vlan3
 description Cybermatrix
 ip address 192.168.10.1 255.255.255.0
 ip broadcast-address 192.168.10.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
!
!
no ip http server
no ip http secure-server
ip nat translation tcp-timeout 900
ip nat translation udp-timeout 600
ip nat translation icmp-timeout 180
ip nat inside source list 2 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.10.10 30033 interface FastEthernet4 30033
ip nat inside source static tcp 192.168.10.23 10011 interface FastEthernet4 10011
ip nat inside source static tcp 192.168.10.10 3784 interface FastEthernet4 3784
ip nat inside source static udp 192.168.10.10 27020 interface FastEthernet4 27020
ip nat inside source static udp 192.168.10.10 49001 interface FastEthernet4 49001
ip nat inside source static tcp 192.168.10.12 55001 interface FastEthernet4 55001
ip nat inside source static tcp 192.168.10.10 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.10.10 2302 interface FastEthernet4 2302
ip nat inside source static tcp 192.168.10.10 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.10.10 5922 interface FastEthernet4 5922
ip nat inside source static udp 192.168.10.10 27888 interface FastEthernet4 27888
ip nat inside source static tcp 192.168.10.11 46542 interface FastEthernet4 46542
ip nat inside source static tcp 192.168.10.12 5966 interface FastEthernet4 5966
ip nat inside source static udp 192.168.10.10 20800 interface FastEthernet4 20800
ip nat inside source static udp 192.168.10.10 20810 interface FastEthernet4 20810
ip nat inside source static tcp 192.168.10.10 8204 interface FastEthernet4 8204
ip nat inside source static udp 192.168.10.10 27014 interface FastEthernet4 27014
ip nat inside source static udp 192.168.10.10 27017 interface FastEthernet4 27017
ip nat inside source static tcp 192.168.10.12 61444 interface FastEthernet4 61444
ip nat inside source static udp 192.168.10.12 61444 interface FastEthernet4 61444
ip nat inside source static udp 192.168.10.10 27901 interface FastEthernet4 27901
ip nat inside source static udp 192.168.10.10 16567 interface FastEthernet4 16567
ip nat inside source static udp 192.168.10.10 29900 interface FastEthernet4 29900
ip nat inside source static udp 192.168.10.10 27900 interface FastEthernet4 27900
ip nat inside source static udp 192.168.10.10 64100 interface FastEthernet4 64100
ip nat inside source static tcp 192.168.10.11 51069 interface FastEthernet4 51069
ip nat inside source static udp 192.168.10.11 51069 interface FastEthernet4 51069
ip nat inside source static tcp 192.168.10.12 10245 interface FastEthernet4 44848
ip nat inside source static tcp 192.168.10.10 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.10.10 8767 interface FastEthernet4 8767
ip nat inside source static udp 192.168.10.10 8767 interface FastEthernet4 8767
ip nat inside source static tcp 192.168.10.10 51234 interface FastEthernet4 51234
ip nat inside source static udp 192.168.10.10 3784 interface FastEthernet4 3784
ip nat inside source static udp 192.168.10.23 9987 interface FastEthernet4 9987
ip nat inside source static tcp 192.168.10.10 80 interface FastEthernet4 8008
ip nat inside source static udp 192.168.10.12 28960 interface FastEthernet4 28960
ip nat inside source static udp 192.168.10.10 27015 interface FastEthernet4 27015
!
logging history debugging
logging trap debugging
logging server-arp
logging 192.168.10.10
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 deny any
no cdp run
!
!
!
!
control-plane
!
banner motd ^C Welcome to the Metaverse, Don't screw with my networks or I'll will be after you!! All actions will be taken! ^C
!
line con 0
 password 7 09181C5E4157450741535E54W7C7E75
 no modem enable
 transport preferred none
 transport output all
line aux 0
 access-class sl_def_acl in
 transport output all
line vty 0 4
 privilege level 15
 password 7 1546595B5C787B777061657TY44652564152YQ5404581B
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp logging
ntp clock-period 17175062
ntp max-associations 1
ntp server 64.236.96.53 source FastEthernet4 prefer
end
Now most of those ip nat translations are not active or streaming traffic. Only UDP port 27015 is streaming traffic ATM, which belongs to the TF2 server. As you can see I have IOS version 12.4, the router came with 10.3 BTW. |
|
|
to mbruno
What's the package name though? -- Adv IP services? Adv Security? Better yet, put up the output of 'show version' if you can.
Not much I can see with the configs, what was the output of "show ip nat statistics" while you were running this TF2 event?
Regards |
|